EIP-2026-111096

This exploit demonstrates multiple vulnerabilities in Vacation Packages Listing V2.0, including CSRF for admin creation, XSS in multiple input fields, and a local file disclosure vulnerability. The PoC provides functional HTML forms and a direct URL for exploitation.